But the really interesting part is their plan for managing laptops. They are using a virtual machine image on a flash storage device that can run on any system. So deploying a new system will only require installing the virtual machine software and inserting a storage device. Moving a user’s environment to a different system (EG due to hardware failure) will merely require inserting the storage device in a new system.

That raises the issue of ownership of the device. It seems that Jetstar are considering using systems that are owned by employees, Stephen Tame said “In two years’ time a laptop should be a condition of employment, and this includes bringing your own laptop“. When introducing that I expect there would be some resistance by employees who don’t want to spend the money. HoweverI have previously estimated the costs of running a car [2] which works out to more than $1,650 per year for insurance, registration, basic maintenance, and the interest that would have been received if the car had not been purchased and the money had been invested. Laptops can be purchased for significantly less than $1000 (currently the EeePC 701 is on sale for $219) and can be expected to last for three years or more if you are careful to avoid damage and don’t run demanding software. So a job that demands ownership of a laptop is asking for a much smaller financial investment than one which demands ownership of a car. But I expect that many employees won’t see it that way.

The up-side for employees to bring their own laptops is that they can choose a model that suits their preference. Everyone has preferences regarding the size of keys on a keyboard, the distance that they travel and the pressure required to register a key-press. For desktop machines it’s easy to swap keyboards but for laptops there is no such option. Then there’s the issue of the trade-off between physical size and weight vs display resolution, personal preferences in this regard will depend to some extent on the body mass and strength of the employee.

Now there are a number of security issues related to personal laptop use. Obviously if the laptop has a Trojan-horse program installed then it could sniff any data that goes past on the network. The most trivial case of this could be addressed by running VPN software inside the emulated environment. This would force a Trojan to compromise the virtual environment (EG by modifying the address space) or to compromise the files on disk (insert a Trojan inside the filesystem for the virtual environment). The former would be tricky to get right while the latter would be trivial. Both attack methods have been used in the past and proven to work. This is why many companies prohibit their employees from connecting their own systems to the corporate network.

One example of a system that is based around running virtual machines for all desktop operations is the NSA NetTop project [3]. NetTop involves a SE Linux system that runs multiple instances of VMWare for different desktop environments. Each VMWare instance runs at a particular sensitivity level and uses a VPN connection to a back-end network running at the same level. The aim of NetTop is to prevent applications in the different VMWare instances from communicating with each other. The significant difference between a typical NetTop installation and what JetStar might be doing is that NetTop runs on a secure base – it’s hardware that has been purchased and installed by a military organisation and is run in a secure facility. While personal laptops that are owned by employees can be expected to be infected with viruses and Trojan-horse programs.

Finally if buying machines for work purposes, you really don’t want employees using them for surfing porn. Porn sites tend to be particularly bad for malware distribution. To reduce the incidence of such problems I think that work machines should have their sound hardware disabled and laptops should not be purchased with overly large displays. There is no need to make work machines totally unsuitable for porn surfing (which would also make them less effective for work), but making them less suitable than a $500 budget PC should dramatically reduce the scope of the problem.

BYOL is a win for two reasons: people take better care of their own property than company property, and the employee or a family member takes care of maintaining the host OS. If the IT department cuts its exposure to desktop suckage to just maintaining a guest OS image and thin clients for loaners, the whole department’s effectiveness goes up. (If a user has a problem with personally owned hardware, he or she should be able to come in to the office, borrow a thin client from IT, and use his or her own desktop from that.)

At the last place I worked (as a technical consultant, normally working in the field on short-term engagements), we provided our own laptops, on the basis that we knew best what was suitable for our own use.

It worked out reasonably well; we got a technology allowance, and – just as with a car allowance – we were then required to provide all suitable IT resources required to do the job. Mobile phones were provided (and bills paid) by the company.

I don’t know how those things work in the US, but in many countries, buying a personal laptop costs much more than buying it through a company.
I have my own incorporated small business, and here’s how it breaks down for a €1000 laptop here in France, and most likely in other European countries:
First I have to pay mandatory health insurance, retirement fund and various other employment taxes amounting to ~30%, or €300. Then I have to pay income tax on that, another €300. Basically it costs my company €1600.
Now if I pay with my company credit card, I get the VAT back, ~20% or €200. It then counts towards the company assets which are taxed at a few % a year for 3 years or something. In the end the laptop costs less than €850. A large company would also get volume discounts.

Johannes: True, but soft-phones don’t give the greatest phone experience, and the latency of virtualisation is going to make them even worse. In Australia lots of mobile phone companies have good deals for corporations where calling other phones owned by the same corporation is very cheap. In the US the mobile phone system sucks pretty badly so your point may apply better there.

Jo: I’ve seen WAP porn, let’s just say that a lot of imagination would be required to get excited by such things.

Don: When company property is assigned to one individual it generally seems to be treated reasonably well. If a broken laptop was discussed at a performance review meeting it could end up costing the employee more than the purchase price. You assume that using a virtual environment will remove the problems related to OS configuration from the IT department, I’m not convinced – there are many subtle ways that someone can mess up their base OS install and cause the IT department to waste time debugging it.

I’ve written about the benefits of large monitors at the above URL. But it seems likely that there is a certain limit to the benefits of a larger monitor and that limit will probably vary by user and by work environment. If a wide choice of computers is offered to the users then in-house applications need to be written to support low resolution screens – which means that they may not take advantage of larger screens.

niczar: In Australia a personal purchase of anything which is essential for work is tax deductable, I expect that most countries work that way. I expect that if you sent the French tax office a copy of an employment contract saying “you must bring your own laptop to work” then they would let you tax deduct it.

Also in Australia there are various deals for buying computers through your employer. The tax office allows workers to buy computers out of before-tax money and the big computer companies (Dell etc) offer group discounts to employers shortly before the end of the financial year. An employee who accepts such a deal can buy a Dell system for less than the usual advertised price, and have their employer deduct the price from their before tax money.

niczar: In Australia a personal purchase of anything which is essential for work is tax deductable, I expect that most countries work that way. I expect that if you sent the French tax office a copy of an employment contract saying “you must bring your own laptop to work” then they would let you tax deduct it.

No, it definitely does not. Trust me, I know. And you wouldn’t get the 20% VAT back anyway. Nor the insurance/retirement fund.

To be clear, you can get your employer to reimburse your expenses (usually, travel expenses and the like), but then from an accounting point of view it belongs to the company. And if they let you keep it, it’s considered part of your income and you’re supposed to report it on your tax form and pay taxes on it.

niczar: So if the company deducted their cost of buying a laptop minus E50 from your salary and then offered to sell the laptop to you for E50 if you left the company or needed a new one, how would that go for tax?

Check with your local tax expert, but my understanding is that in the USA, if it’s a requirement of work and you buy it on your own, and the total you spent on work equipment is below a certain level, you can deduct the whole value immediately, as “Section 179 Property”

The employer buys more, so is more likely to be over the Section 179 limit. Over the limit, instead of deducting the whole price right away, the company has to book the computer as an asset and take depreciation, which I think has to be over 3 years for a computer.

I’d like to offer two vignettes as counterexamples to your advice on how to “porn-proof” a business PC.

I have an EeePC 701, with the 7 inch display. It kept me sane when I was living in China last year, some 8800 km from my family. It also quite satisfactorily displayed flesh-toned images and video, and that kept me sane too. 7 inches was quite sufficient.

On the other hand, since I find it hard to concentrate on anything mundane for more than 10 minutes unless I have repetitive music to keep me focused (thanks inherited ADHD genes!), providing me with a work machine incapable of sound would cause a major productivity loss for me.

Rather than locking down PCs, I’d be much more interested in creating a workplace where people were motivated to work, and therefore had less incentive to surf porn (or any other non-work related site), and a healthy workplace culture where the legal and OH&S implications of off-work sites was understood. Educate, don’t regulate!